openstack/tempest
Code Issues Proposed changes
Files
195767a062009445940e6cbfa06d096141be3cc2
tempest/tempest/api/compute/admin/test_security_groups.py
zhufl b9b4f4f8c7 Fix assert logic in test_list_security_groups_list_all_tenants_filter 
In test_list_security_groups_list_all_tenants_filter, when testing
"Fetch all security groups for non-admin user", the following check
is not correct, it can't check "all created Security Groups are
present in fetched list", but can only check that "no other user's
Security Groups can be retrieved by non-admin user."
This is to fix the check statements.

Change-Id: I4781a3450385a66df53c437791ac6b107d8efe7e
2018-10-19 14:57:13 +08:00

90 lines
4.1 KiB
Python
Raw Blame History

# Copyright 2013 NTT Data
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
from tempest.api.compute import base
from tempest.common import utils
from tempest.lib.common.utils import data_utils
from tempest.lib import decorators
class SecurityGroupsTestAdminJSON(base.BaseV2ComputeAdminTest):
max_microversion = '2.35'
@classmethod
def setup_clients(cls):
super(SecurityGroupsTestAdminJSON, cls).setup_clients()
cls.adm_client = cls.os_admin.compute_security_groups_client
cls.client = cls.security_groups_client
def _delete_security_group(self, securitygroup_id, admin=True):
if admin:
self.adm_client.delete_security_group(securitygroup_id)
else:
self.client.delete_security_group(securitygroup_id)
@decorators.idempotent_id('49667619-5af9-4c63-ab5d-2cfdd1c8f7f1')
@utils.services('network')
def test_list_security_groups_list_all_tenants_filter(self):
# Admin can list security groups of all tenants
# List of all security groups created
security_group_list = []
# Create two security groups for a non-admin tenant
for _ in range(2):
name = data_utils.rand_name('securitygroup')
description = data_utils.rand_name('description')
securitygroup = self.client.create_security_group(
name=name, description=description)['security_group']
self.addCleanup(self._delete_security_group,
securitygroup['id'], admin=False)
security_group_list.append(securitygroup)
client_tenant_id = securitygroup['tenant_id']
# Create two security groups for admin tenant
for _ in range(2):
name = data_utils.rand_name('securitygroup')
description = data_utils.rand_name('description')
adm_securitygroup = self.adm_client.create_security_group(
name=name, description=description)['security_group']
self.addCleanup(self._delete_security_group,
adm_securitygroup['id'])
security_group_list.append(adm_securitygroup)
# Fetch all security groups based on 'all_tenants' search filter
fetched_list = self.adm_client.list_security_groups(
all_tenants='true')['security_groups']
sec_group_id_list = [sg['id'] for sg in fetched_list]
# Now check if all created Security Groups are present in fetched list
for sec_group in security_group_list:
self.assertIn(sec_group['id'], sec_group_id_list)
# Fetch all security groups for non-admin user with 'all_tenants'
# search filter
fetched_list = (self.client.list_security_groups(all_tenants='true')
['security_groups'])
sec_group_id_list = [sg['id'] for sg in fetched_list]
# Now check that 'all_tenants='true' filter for non-admin user only
# provide the requested non-admin user's created security groups,
# not all security groups which include security groups created by
# other users.
for sec_group in security_group_list:
if sec_group['tenant_id'] == client_tenant_id:
self.assertIn(sec_group['id'], sec_group_id_list,
"Failed to get all security groups for "
"non admin user.")
else:
self.assertNotIn(sec_group['id'], sec_group_id_list,
"Non admin user shouldn't get other user's "
"security groups.")
View Git Blame Copy Permalink